Mapping the Global Configuration

Before you change the Directory Proxy Server 11g Release 1 (11.1.1.5.0) configuration, back
up the configuration by using the dpadm backup command. For more information, see dpadm(1M).

You can configure Directory Proxy Server 11g Release 1 (11.1.1.5.0) by using
the Directory Service Control Center (DSCC) or the dpconf command-line utility. For more
information, see dpconf(1M).

Directory Proxy Server 11g Release 1 (11.1.1.5.0) configuration can be retrieved as a
set of properties. For example, information about the port is returned in the
listen-port property. This section describes how to map the version 5.2 global configuration
attributes to the corresponding properties in Directory Proxy Server 11g Release 1 (11.1.1.5.0),
where applicable. Not all functionality can be mapped directly.

The global Directory Proxy Server 5.2 configuration is specified by two object classes:

ids-proxy-sch-LDAPProxy. Contains the name of the Directory Proxy Server server and the DN of the global configuration object.

Because of the way in which Directory Proxy Server 11g Release 1
(11.1.1.5.0) is configured, Directory Proxy Server 11g Release 1 (11.1.1.5.0) has no equivalent
for the ids-proxy-sch-LDAPProxy object class or its attributes.

In Directory Proxy Server 5.2, these configuration attributes are stored under ids-proxy-con-Config-Name=user-defined-name,ou=system,ou=dar-config,o=netscaperoot.

The functionality of the ids-proxy-sch-GlobalConfiguration object class is provided as properties of
various elements in Directory Proxy Server 11g Release 1 (11.1.1.5.0). The following table maps
the attributes of the ids-proxy-sch-GlobalConfiguration object class to the corresponding properties
in Directory Proxy Server 11g Release 1 (11.1.1.5.0).

| Directory Proxy Server 5.2 Attribute | Directory Proxy Server 11g Release 1 (11.1.1.5.0) Property |
| --- | --- |
| ids-proxy-con-Config-Name | No equivalent |

Directory Proxy Server 11g Release 1 (11.1.1.5.0) has
two listeners, a non-secure listener and a secure listener. The version 5.2 listen
configuration attributes can be mapped to the following four listener properties. To configure listener
properties, use the dpconf command as follows:

In Directory Proxy Server 5.2, these configuration attributes are stored under ids-proxy-con-Config-Name=user-defined-name,ou=system,ou=dar-config,o=netscaperoot.

The following table maps the version 5.2 security attributes to the corresponding properties
in Directory Proxy Server 11g Release 1 (11.1.1.5.0).

Table 9-1 Mapping of Security Configuration

| Directory Proxy Server 5.2 Attribute | Directory Proxy Server 11g Release 1 (11.1.1.5.0) Property |
| --- | --- |
| ids-proxy-con-ssl-key | ssl-key-pin |
| ids-proxy-con-ssl-cert | ssl-certificate-directory, ssl-server-cert-alias |
| ids-proxy-con-send-cert-as-client. This attribute enables the proxy server to send its certificate to the LDAP server to allow the LDAP server to authenticate the proxy server as an SSL client. | ssl-client-cert-alias. This property enables the proxy server to send a different certificate to the LDAP server, depending on whether it is acting as an SSL Server or an SSL Client. |
| ids-proxy-con-server-ssl-version, ids-proxy-con-client-ssl-version | No equivalent |
| ids-proxy-con-ssl-cert-required | This feature can be achieved by setting the following server property: `$ dpconf set-server-prop allow-cert-based-auth:require` |
| ids-proxy-con-ssl-cafile | No equivalent |
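The following Python script is an added example, not part of the original documentation. It reads a version 5.2 configuration entry exported as LDIF and sorts its security attributes, per Table 9-1, into those with a corresponding property and those with no equivalent, which need manual review after migration. The sample entry, its values, and the TRUE/FALSE form of ids-proxy-con-ssl-cert-required are assumptions.

```python
import base64
# Transcribed from Table 9-1; an empty list means "No equivalent".
TABLE_9_1 = {
    "ids-proxy-con-ssl-key": ["ssl-key-pin"],
    "ids-proxy-con-ssl-cert": ["ssl-certificate-directory", "ssl-server-cert-alias"],
    "ids-proxy-con-send-cert-as-client": ["ssl-client-cert-alias"],
    "ids-proxy-con-server-ssl-version": [],
    "ids-proxy-con-client-ssl-version": [],
    "ids-proxy-con-ssl-cert-required": ["allow-cert-based-auth"],
    "ids-proxy-con-ssl-cafile": [],
}
# Constructed sample entry; the values are placeholders, not real settings.
SAMPLE_LDIF = """\
dn: ids-proxy-con-Config-Name=example,ou=system,ou=dar-config,o=netscaperoot
ids-proxy-con-ssl-cert: /constructed/
 cert.pem
ids-proxy-con-ssl-cert-required: TRUE
ids-proxy-con-server-ssl-version: constructed-value
ids-proxy-con-ssl-cafile:: L2NhLnBlbQ==
"""

def parse_ldif_entry(text):
    """Return {attribute: [values]} for one entry, unfolding continuation lines."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]          # LDIF folds long lines with one space
        elif raw.strip() and not raw.startswith("#"):
            lines.append(raw)
    entry = {}
    for line in lines:
        attr, _, value = line.partition(":")
        if value.startswith(":"):         # "attr:: ..." carries a base64 value
            value = base64.b64decode(value[1:].strip()).decode("utf-8")
        entry.setdefault(attr.strip().lower(), []).append(value.strip())
    return entry

def audit(entry):
    """Return (mapped, no_equivalent, commands) for the entry's security attributes."""
    present = [a for a in TABLE_9_1 if a in entry]
    mapped = {a: TABLE_9_1[a] for a in present if TABLE_9_1[a]}
    no_equivalent = [a for a in present if not TABLE_9_1[a]]
    # Assumption: version 5.2 stores ids-proxy-con-ssl-cert-required as TRUE/FALSE.
    required = entry.get("ids-proxy-con-ssl-cert-required", [""])[0].upper() == "TRUE"
    commands = ["dpconf set-server-prop allow-cert-based-auth:require"] if required else []
    return mapped, no_equivalent, commands

if __name__ == "__main__":
    print(*audit(parse_ldif_entry(SAMPLE_LDIF)), sep="\n")
```

Attributes returned in the no-equivalent list are not carried over by any property in Table 9-1, so the behavior they controlled in version 5.2 has to be reviewed by hand.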

Managing Certificates

Directory Proxy Server 5.2 certificates were managed by using the certreq utility,
or by using the console. In Directory Proxy Server 11g Release 1
(11.1.1.5.0), certificates are managed by using the dpadm command, or by using the DSCC.

Access Control on the Proxy Configuration

In Directory Proxy Server 5.2, access control on the proxy configuration is managed
by ACIs in the configuration directory server. In Directory Proxy Server 11g
Release 1 (11.1.1.5.0), access to the configuration file is restricted to the person
who created the proxy instance, or to the proxy manager if the configuration
is accessed through Directory Proxy Server. Editing the configuration file directly is not
supported.